DETAILED ACTION

1. This Office Action is in response to the Applicant's amendment filed on June 11,
2009.

2. Claims 1, 3-5, 7 and 9-15 have been amended. New claims 16-20 have been 
added. Claims 1-20 are pending. 

Response to Arguments 

3. Applicant's arguments filed on 6/11/09 have been considered but are moot in
view of the new ground(s) of rejection.

Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 7-20 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which
applicant regards as the invention. Claims 7-20 are objected to because of the following
informalities: Claims 7-20 recite "STT" and "STT_R" and "STT_S" multiple times. It is
unclear how the STT_R and STT_S are associated with STT and also it is unclear what
exactly are the similarities and/or the differences between the "STT", "STT_R" and "STT_S".

6. Claim 13 recites "if the average load of STT_R is smaller than that of STT_S",
however, it is not clear from the claimed language what is the difference between STT,
STT_R and STT_S. (see rejection above)

Claim Rejections - 35 USC § 103

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

1. Claims 1-2 and 5-8 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Moran et al. (hereinafter Moran) 7,299,277 in view of Maher, III et al. (hereinafter
Maher) US 7,058,974.
As per claim 1:

Moran teaches an apparatus to be connected between a network access unit 
and a network to be protected, for protecting legitimate traffic from DoS (denial of 
service) and DDoS (distributed denial of service) attacks, said apparatus comprising: 
a high-priority queue; (figure 40; col. 46, lines 55-58; a high priority queue) 
a low-priority queue; (figure 40; col. 46, lines 55-58; a low priority queue)
a queue information table having, for each specific STT (source-based traffic
trunk), a service queue for a specific packet having the specific STT, wherein the
service queue is the high-priority queue or the low-priority queue; (col. 27, lines 15-17; a
priority filter table (CAM), which contains information to the priority flows e.g. address 
pairs, etc.) 

a packet classifier for receiving a packet from the network access unit, searching 
the queue information table for a service queue associated with an STT of the received 
packet, selectively transferring the received packet to the high-priority queue or the low-priority
queue in accordance with the service queue; (col. 46, lines 53-57; the flows are
prioritized into high and low priority flows. High priority flows are stored in high-priority 
queue while low priority flows are stored in low-priority queues) 

a queue coordinator for receiving information on the received packet from the 
packet classifier; (col. 27, lines 61-67; col. 45, line 32- col. 46, line 56) 

a buffer for buffering outputs of the high-priority queue and the low-priority queue 
and providing buffered outputs to the network to be protected, (col. 2, line 15; flow
processor filters and buffers the collected data; col. 30, lines 30-32; the buffer space for 
each queue varies dynamically based on the arrival of classified packet; col. 46, lines 
61-62; buffers from low-priority queue can be reallocated to the high-priority queue) 

Moran does not explicitly disclose updating the service queue associated with the 
STT of the received packet in the queue information table based on a load of the STT of 
the received packet. Maher in analogous art, however, discloses updating the service 
queue associated with the STT of the received packet in the queue information table 
based on a load of the STT of the received packet (col. 3, lines 7-34; col. 6, line 11-67;
col. 7, line 54-col. 8, line 58; col. 11, line 28-col. 12, line 28). Therefore, it would have
been obvious to one of ordinary skill in the art at the time the invention was made to
modify the system disclosed by Moran with Maher in order to assign data packets 
associated with a non-validated traffic flow to a low priority queue thereby preventing 
brute type denial of service attacks designed to clog networks. (Abstract; Maher) 

As per claim 2: 
The combination of Moran and Maher teaches all the subject matter as
discussed above. In addition, Moran further discloses wherein the network to be
protected comprises a server (col. 4, lines 36; server).
As per claim 5: 

The combination of Moran and Maher teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein a maximum load of both 
the high-priority queue and the low-priority queue is set to be a maximum allowable load 
of the network to be protected, (col. 46, lines 61-62; buffers from low-priority queue can 
be reallocated to the high-priority queue) 
As per claim 6: 

The combination of Moran and Maher teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the network to be 
protected comprises a server (col. 4, lines 36; server).
As per claim 7: 

Moran teaches a method of protecting legitimate traffic from DoS (denial of 
service) and DDoS (distributed denial of service) attacks, by way of an apparatus which
is connected between a network access unit and a network to be protected and which 
includes: a queue information table having, for each specific STT (source-based traffic 
trunk), a service queue for a specific packet having the specific STT, wherein the 
service queue is a high-priority queue or a low-priority queue, a queue coordinator, and 
a packet classifier, the method comprising the steps of: 
(a) obtaining, by the packet classifier, an STT (STT_R) of a packet received from
the network access unit based on a source IP address of the received packet; (col. 27, 
lines 15-17; a priority filter table (CAM), which contains information to the priority flows 
e.g. address pairs, etc; col. 73, lines 26-28; only packets that match a specific set of 
MAC addresses (source or destination) may be included. Additionally, only packets that 
include a specific VLAN Group can be included) 

(b) searching, by the packet classifier, the queue information table for the service 
queue corresponding to the STT_R and checking, by the packet classifier, whether the
service queue is the high-priority queue or the low-priority queue; (figure 40; col. 46,
lines 55-58; a low priority queue) 

(c) transferring, by the packet classifier, the received packet to the high-priority 
queue if the service queue is the high-priority queue in the step (b); (figure 40; col. 46,
lines 55-58; a high priority queue) 

(d) transferring, by the packet classifier, the received packet to the low-priority 
queue if the service queue is the low-priority queue in the step (b); (col. 46, lines 53-57; 
the flows are prioritized into high and low priority flows. High priority flows are stored in 
high-priority queue while low priority flows are stored in low-priority queues) and 

(e) transferring, by the packet classifier, packet information on the received 
packet to the queue coordinator; and (col. 27, lines 61-67; the flow processor to give a 
set of priority to a set of flows that contain a provisional (or other) address pairs 
corresponding to packets of interest) 

Moran does not explicitly disclose updating, by the queue coordinator and based
on a load of STT_R, the service queue associated with STT_R in the queue information
table. Maher in analogous art, however, discloses updating, by the queue coordinator
and based on a load of STT_R, the service queue associated with STT_R in the queue
information table (col. 3, lines 7-34; col. 6, line 11-67; col. 7, line 54-col. 8, line 58; col.
11, line 28-col. 12, line 28). Therefore, it would have been obvious to one of ordinary skill in
the art at the time the invention was made to modify the system disclosed by Moran with 
Maher in order to assign data packets associated with a non-validated traffic flow to a 
low priority queue thereby preventing brute type denial of service attacks designed to 
clog networks. (Abstract; Maher) 
As per claim 8: 

The combination of Moran and Maher teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the network to be 
protected comprises a server, (col. 4, lines 36; server) 

2. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Moran et 
al. (hereinafter Moran) 7,299,277 in view of Maher, III et al. (hereinafter Maher) US 
7,058,974 and in view of Bremler-Barr et al. (hereinafter Bremler-Barr) US 
2003/0076848. 
As per claim 3: 

The combination of Moran and Maher teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the information on the 
received packet includes a packet size and an index of the queue information table for
representing STT information of the packet (col. 27, lines 15-17; a priority filter table
(CAM), which contains information to the priority flows e.g. address pairs, etc.). Both
references do not explicitly disclose information includes a packet arrival time. Bremler-Barr
in analogous art, however, discloses information includes a packet arrival time
(page 5, paragraph [101]; arrival times of the packet). Therefore it would have been
obvious to one of ordinary skill in the art at the time the invention was made to modify the
system disclosed by Moran and Maher with Bremler-Barr in order to determine the next 
packet service completion time (paragraph [101]; Bremler-Barr). 
3. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Moran et 
al. (hereinafter Moran) 7,299,277 in view of Maher, III et al. (hereinafter Maher) US 
7,058,974 and in view of Dobson US 6,650,643. 
As per claim 4: 

The combination of Moran and Maher teaches all the subject matter as 
discussed above. In addition, Moran teaches wherein the queue information table has 
fields including an STT ID, a service queue (col. 27, lines 15-17; a priority filter table
(CAM), which contains information to the priority flows e.g. address pairs, etc; col. 73, 
lines 26-28; only packets that match a specific set of MAC addresses (source or 
destination) may be included. Additionally, only packets that include a specific VLAN 
Group can be included). Both references do not explicitly disclose wherein the queue 
information table has an average load, a recent load calculation time and a total packet 
size. Dobson in analogous art, however, discloses wherein the queue information table 
has an average load, a recent load calculation time and a total packet size (col. 6, lines
17-31; after calculating the current load, the load integrator calculates the average load
at a pre-defined interval). Therefore it would have been obvious to one of ordinary skill in
the art at the time the invention was made to modify the system disclosed by Moran and 
Maher with Dobson in order to calculate current load and an average load for the 
processor based on the result from the load calculator performing the load calculator 
task (col. 4, lines 36-37; Dobson). 

4. Claims 9-11, 13-15 and 16-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Moran et al. (hereinafter Moran) 7,299,277 in view of Maher, III et al. 
(hereinafter Maher) US 7,058,974 and in view of Dobson US 6,650,643. 
As per claims 9 and 16: 

The combination of Moran and Maher teaches all the subject matter as 
discussed above. In addition, Moran further discloses (a') calculating an average load of 
an STT based on the packet information transferred from the packet classifier; (col. 30, 
lines 30-67; to manage aggregate packet rate and avoid dropped packets, the expert 
task monitors the average depth of the priority queue and may selectively discard flows 
from the priority filter) (b') selectively resetting the service queue associated with STT 
depending on the calculated average load of the STT; (col. 30, lines 30-67; the buffer 
space for each queue varies dynamically based on the arrival of a classified packet that 
meet the priority criteria and as the number of flows increases, buffers are reallocated.
To manage aggregate packet rate and avoid dropped packets, the expert task monitors 
the average depth of the priority queue and may selectively discard flows from the 
priority filter) (c') calculating an average load of the high-priority queue; (col. 46, lines
60-62; Buffers from both the high and low priority queue can be reallocated if the 
amount of data surpasses a predetermined threshold.) Both references do not explicitly 
disclose resetting a certain STT service queue based on the calculated average load of 
the high priority queue; and storing the reset STT information in the queue information 
table. Dobson in analogous art, however, discloses (d') selectively resetting a service 
queue associated with a certain STT depending on the calculated average load of the 
high-priority queue; (col. 8, lines 57-64; the load integrator issues a re-start instruction to 
the load calculator in order to determine the next current load) and (e') storing the 
selectively reset service queue in the queue information table, (col. 8, lines 61-64; the 
load integrator may calculate and store a current load and an average load for the 
processor) Therefore it would have been obvious to one of ordinary skill in the art at the
time the invention was made to modify the system disclosed by Moran and Maher with 
Dobson in order to calculate current load and an average load for the processor based 
on the result from the load calculator performing the load calculator task (col. 4, lines 
36-37; Dobson). 

As per claim 10: 

The combination of Moran, Maher and Dobson teaches all the subject matter as 
discussed above. In addition, Dobson further discloses storing a modified average load 
in the queue information table, (col. 8, lines 61-64; the load integrator may calculate and 
store a current load and an average load for the processor) 
As per claims 11 and 18: 
The combination of Moran, Maher and Dobson teaches all the subject matter as
discussed above. In addition, Dobson further discloses wherein the step (a') further 
includes the steps of: (a'1) calculating a total packet size based on the packet 
information transferred from the packet classifier; (col. 6, lines 17-31; after calculating 
the current load, the load integrator calculates the average load at a pre-defined 
interval) (a'2) checking whether it is time to recalculate the average load; (col. 6, lines
17-31; after calculating the current load, the load integrator calculates the average load
at a pre-defined interval) (a'3) if it is time to recalculate the average load in the step (a'2),
calculating a new average load by using a previous average load and a current average
load based on the total packet size, and proceeding to step (b'); (col. 8, lines 50-64; the
load integrator discards the oldest prior load and stores the current load, ...the load 
calculator calculates the average load) and (a'4) if it is not time to recalculate the 
average load, proceeding to step (b'). (col. 8, lines 57-64; the load integrator issues a 
re-start instruction to the load calculator in order to determine the next current load) 
As per claims 13 and 17:

The combination of Moran, Maher and Dobson teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the step (b') further 
includes the steps of: (b'1) setting the service queue associated with STT to be the low- 
priority queue if the calculated average load of STT is greater than an allowable load 
when the high-priority queue is in a congested state; (col. 48, lines 5-8; as the priority 
queue water-level approaches a "minimum head room" threshold, flows are randomly
discarded from priority set a, relegating them back to non-priority queue) (b'2) randomly 
choosing one STT which uses the low-priority queue from the queue information table if
the service queue associated with STT is the high-priority queue; (col. 48, lines 8-9;
During this time, the flow processor may only service the priority queue) (b'3) following 
step (b'2), setting a service queue associated with STT to be the high-priority queue and 
the service queue associated with STT to be a low-priority queue if the average load of 
STT is greater than that of the STTs; (col. 30, lines 30-67; to manage aggregate packet 
rate and avoid dropped packets, the expert task monitors the average depth of the 
priority queue and may selectively discard flows from the priority filter) (b'4) randomly 
choosing one STT (STTs), which uses the high-priority queue from the queue 
information table if the service queue associated with STTr is a low-priority queue; (col.
30, lines 30-67; to manage aggregate packet rate and avoid dropped packets, the 
expert task monitors the average depth of the priority queue and may selectively discard 
flows from the priority filter) and (b'5) following the step (b'4), setting the service queue 
associated with STTr to be the high-priority queue and a service queue associated with 
STTs to be the low-priority queue if the average load of an STTr is smaller than that of 
STTs. (col. 30, lines 30-32; the buffer space for each queue varies dynamically based 
on the arrival of classified packet; col. 46, lines 61-62; buffers from low-priority queue 
can be reallocated to the high-priority queue) 
As per claims 14 and 20: 

The combination of Moran, Maher and Dobson teaches all the subject matter as 
discussed above. In addition, Dobson further discloses wherein the step (c') further 
includes the steps of: (c'1) determining whether the service queue associated with STTr
after the selective resetting in step (b') is the high-priority queue or the low-priority
queue; (col. 6, lines 17-31; after calculating the current load, the load integrator 
calculates the average load at a pre-defined interval) (c'2) calculating a total packet size 
served through a high-priority queue associated with STTr is the high-priority queue; 
(col. 6, lines 17-31; after calculating the current load, the load integrator calculates the 
average load at a pre-defined interval) (c'3) calculating an average load of a high-priority 
queue if it is time to recalculate the average load of the high-priority queue; and (col. 8, 
lines 50-64; the load integrator discards the oldest prior load and stores the current 
load, ...the load calculator calculates the average load) (c'4) proceeding to the step (d'). 
(col. 8, lines 57-64; the load integrator issues a re-start instruction to the load calculator 
in order to determine the next current load) 
As per claims 15 and 19: 

The combination of Moran, Maher and Dobson teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the step (d') includes the 
steps of: (d'1) obtaining the calculated average load of a high-priority queue from the 
step (c'); (col. 48, lines 5-8; as the priority queue water-level approaches a "minimum
head room" threshold, flows are randomly discarded from priority set a, relegating them 
back to non-priority queue) (d'2) randomly choosing one STT, which uses high-priority 
queue and setting a service queue of the randomly chosen STT to the low-priority 
queue if the calculated average load of the high-priority queue indicates that the high- 
priority queue is in a congested state; (col. 48, lines 8-9; During this time, the flow 
processor may only service the priority queue) (d'3) randomly choosing one STT, which 
uses the low-priority queue and setting a service queue of the randomly chosen STT to
the high-priority queue if the calculated average load of the high-priority queue is in an
idle state; (col. 30, lines 30-67; to manage aggregate packet rate and avoid dropped
packets, the expert task monitors the average depth of the priority queue and may 
selectively discard flows from the priority filter) and (d'4) proceeding to the step (e') if the 
calculated average load of the high-priority queue indicates that the high-priority queue 
is in stable state or when one of the steps of (d'2) and (d'3) is performed, (col. 2, line 
15; flow processor filters and buffers the collected data; col. 30, lines 30-32; the buffer 
space for each queue varies dynamically based on the arrival of classified packet; col. 
46, lines 61-62; buffers from low-priority queue can be reallocated to the high-priority 
queue) 

5. Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Moran et 
al. (hereinafter Moran) 7,299,277 in view of Maher, III et al. (hereinafter Maher) US 
7,058,974 and in view of Dobson US 6,650,643 and in view of Bremler-Barr et al. 
(hereinafter Bremler-Barr) US 2003/0076848. 
As per claim 12: 

The combination of Moran, Maher and Dobson teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the packet information 
includes a packet size and a queue information table index and a corresponding STT. 
(col. 27, lines 15-17; a priority filter table (CAM), which contains information to the 
priority flows e.g. address pairs, etc.). Both references do not explicitly disclose 
information includes a packet arrival time. Bremler-Barr in analogous art, however,
discloses information includes a packet arrival time (page 5, pp. 101; arrival times of the
packet). Therefore it would have been obvious to one of ordinary skill in the art at the time
the invention was made to modify the system disclosed by Moran, Maher and Dobson 
with Bremler-Barr in order to determine the next packet service completion time 
(paragraph [101]; Bremler-Barr). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHEWAYE GELAGAY whose telephone number is 
(571)272-4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/S. G./

Examiner, Art Unit 2437 



/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



